Raji_Rao
Employee Alumnus

Update to Network Security Rulesets

A new compliance ruleset, AWS Dome9 Network Alerts for default VPC components, will be available in CloudGuard Dome9 within the next 5-10 business days. This ruleset supports architectures that include Security Groups, Gateways, Route Tables and NACLs, and is based on the AWS guidelines: https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#default-vpc-components.


In addition to this new ruleset, we will be enhancing the existing network security rulesets for AWS, Azure and GCP by adding rule coverage for additional ports, as follows:

  • 100 New rules added for AWS Dome9 Best Practices
  • 100 New rules added for AWS Dome9 Network Alerts
  • 25 New rules added for Azure Dome9 Best Practices
  • 25 New rules added for Azure Dome9 Network Alerts
  • 25 New rules added for GCP Dome9 Best Practices
  • 25 New rules added for GCP Dome9 Network Alerts


List of ports added:

  Port   Protocol   Service Name   Application
  23     TCP        Telnet         Telnet
  445    TCP        Microsoft-DS   CIFS / SMB
  53     UDP        DNS            DNS
  5500   TCP        VNC Listener   VNC
  5900   TCP        VNC Server     VNC


How does this change affect us?

If you are utilizing Security Groups, Gateways, Route Tables and NACLs, it is recommended to start using AWS Dome9 Network Alerts for default VPC components instead of the AWS Network Alerts ruleset, to reduce the amount of false positive findings you may encounter using AWS Dome9 Network Alerts.

Updates to existing rulesets will result in more comprehensive testing, thereby increasing the number of rules, which will affect your overall compliance score (it can go up or down depending on the environment).

For more information on the updated network security ruleset, you can refer to:

jsimoni
Participant

Hi,

None of these rules seem to reference NACLs. I'm looking to implement a rule to ensure compliance with CIS AWS Foundations v1.3 #5.1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports. I'd like to reference a custom resource list for the list of remote server administration ports.

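The NACL check asked about above, as an added example that is not part of this thread and not CloudGuard Dome9's own rule logic: it evaluates one Network ACL, given as a dict in the shape boto3's describe_network_acls returns, against a custom list of remote administration ports in the sense of CIS AWS Foundations v1.3 control 5.1. The port list, the sample NACL and the helper names are constructed for the example.

```python
# Added example, not part of the thread or of CloudGuard Dome9. NACL entries
# match in ascending RuleNumber order, first match wins, so a deny numbered
# below an allow shields the ports it covers for that address family.
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"
TCP, ALL_PROTOCOLS = "6", "-1"
# Constructed "custom resource list": SSH and RDP from CIS 5.1 plus the TCP
# ports the announcement above adds to the network rulesets.
ADMIN_PORTS = {22, 3389, 23, 445, 5500, 5900}

def ports_covered(entry, admin_ports):
    """Admin ports that an entry's protocol and port range apply to."""
    if entry["Protocol"] == ALL_PROTOCOLS:
        return set(admin_ports)
    if entry["Protocol"] != TCP or "PortRange" not in entry:
        return set()  # UDP, ICMP and other protocols are not remote admin
    lo, hi = entry["PortRange"]["From"], entry["PortRange"]["To"]
    return {p for p in admin_ports if lo <= p <= hi}

def internet_family(entry):
    """'v4' or 'v6' when the source is the whole internet, else None."""
    if entry.get("CidrBlock") == ANY_IPV4:
        return "v4"
    return "v6" if entry.get("Ipv6CidrBlock") == ANY_IPV6 else None

def exposed_admin_ports(acl, admin_ports=ADMIN_PORTS):
    """{RuleNumber: [ports]} for ingress allow entries that leave an admin
    port reachable from 0.0.0.0/0 or ::/0 after earlier deny entries."""
    shielded, findings = {"v4": set(), "v6": set()}, {}
    for e in sorted(acl["Entries"], key=lambda e: e["RuleNumber"]):
        fam = internet_family(e)
        if e["Egress"] or fam is None:
            continue  # egress, or a narrower source, is out of scope here
        hit = ports_covered(e, admin_ports) - shielded[fam]
        if hit and e["RuleAction"] == "deny":
            shielded[fam] |= hit  # later allows for these ports never match
        elif hit:
            findings[e["RuleNumber"]] = sorted(hit)
    return findings

# Constructed sample: 90 denies Telnet from IPv4, 100 opens 22-3389 to IPv4,
# 110 opens every port to IPv6, 200 is an egress entry and must be ignored.
SAMPLE_ACL = {"Entries": [
    {"RuleNumber": 100, "Protocol": TCP, "RuleAction": "allow", "Egress": False,
     "CidrBlock": ANY_IPV4, "PortRange": {"From": 22, "To": 3389}},
    {"RuleNumber": 90, "Protocol": TCP, "RuleAction": "deny", "Egress": False,
     "CidrBlock": ANY_IPV4, "PortRange": {"From": 23, "To": 23}},
    {"RuleNumber": 110, "Protocol": ALL_PROTOCOLS, "RuleAction": "allow",
     "Egress": False, "Ipv6CidrBlock": ANY_IPV6},
    {"RuleNumber": 200, "Protocol": ALL_PROTOCOLS, "RuleAction": "allow",
     "Egress": True, "CidrBlock": ANY_IPV4},
]}
```

Rule 100 is reported for 22, 445 and 3389 but not 23, because rule 90 already denies Telnet from IPv4; rule 110 is reported for every admin port, since the IPv4 deny does not shield IPv6 traffic.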
Omer_Shliva
Employee

Please email me with a detailed request. omersh@checkpoint.com.


Thanks,

Omer
